Malware News Lookout: HummingBad is Just Shedun Renamed

frogboy

In memoriam 1961-2018
Thread author
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
The HummingBad malware is just another version of a particularly dangerous family of malware, known as Shedun, according to Lookout Software. And detections of it spiked over 300% in March, and further spiked over 600% in the past month.

Lookout discovered and first reported Shedun last November. It’s a trojanized adware that roots Android devices, masquerading as legitimate apps such as Facebook, Twitter, WhatsApp and Okta’s enterprise single sign-on app. Three similar families are associated with Shedun: Shuanet, ShiftyBug and BrainTest.

The firm said that it wanted to emphasize that, despite declarations to the contrary, HummingBad isn’t new.

“To make matters more confusing, different vendors have different names for Shedun,” Lookout noted in a blog. “You may have heard Shedun called HummingBad, Hummer, or ANDROIDOS_LIBSKIN, or right_core (the APK name). Recent reports on HummingBad raise alarms of a malicious and widespread family one of our competitors claims to have first discovered in February 2016. This is the same as Shedun, which we discovered several months before then, in November 2015. This family is extremely malicious, but it is not new.”

Check Point, which reported the malware as a new strain discovered this past February, said that it was found to control 85 million devices globally, generating an estimated $300,000 per month in fraudulent ad revenue for the criminals behind it. It’s a tool used by Yingmob, a group of Chinese cyber-criminals. HummingBad establishes a persistent rootkit on Android devices to generate fraudulent ad revenue, and installs additional fraudulent apps to increase the revenue stream for the fraudster.

Full Article. Lookout: HummingBad is Just Shedun Renamed
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top